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(54) Protocol for instant messaging 

(57) Messages are transmitted in nearly real-time in 
a distributed system. The message transmission sys- 
tem comprises a first message gateway (4) receiving a 
message from a sending client (9). Meta information is 
extracted by the first message gateway (4) from the re- 
ceived message and the meta information (Ml) is trans- 
mitted from the first message gateway (4) to a message 



broker (2) connected to a client profile database (3). The 
message broker (2) selects a second message gateway 
(5) on the basis of the meta information and the client 
profile data of the client profile database (3), Than a 
message from the first message gateway (4) is trans- 
mitted to the selected second message gateway (5) 
which transfers the message to a target client (8). 
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Description 

[0001] The present invention relates to a method for 
the transmission of messages in a distributed system, 
to a computer program product for implementing such 
a method in a network environment as well as to a dis- 
tributed system for the transmission of messages. 
[0002] The present invention generally relates to the 
field of electronic messaging. Electronic messages in 
the form of e-mails or GSM short message texts are 
known. They rely on a store-and-forward technique 
where the originator of the message sends the message 
to a computer node. In the node the message is stored 
and then forwarded to other nodes until it reaches a 
mailbox belonging to the intended user. 
[0003] Also known from prior art are dedicated gate- 
ways for transferring a message from one transfer me- 
dium (e.g. SMS) to another transfer medium (e. g. fax). 
Several GSM network operators and independent serv- 
ice providers offer functionality like this. The major dis- 
advantage of such systems is that there are targeted at 
afixedtransfertask, so is from one well-defined medium 
into another. 

[0004] Another means known from prior art is the use 
of inexpensive intermediate networks for transmitting 
messages between different locations. For example, 
one could send a document as an attachment of a e- 
mail. This combined message is sent to dedicated gate- 
way where it is converted to fax and transmitted to the 
intended recipient. 

[0005] From US-A-5,608,786 an unified messaging 
system is known. This known technique makes use of 
existing communication channels or networks. Part of 
the system relies on a data communication network 
forming an intermediate leg of the distribution network. 
Telephone communication is typically used for initial or 
final legs. Voice mail, E-mail, facsimiles and other mes- 
sage types can be received by the system for retrieval 
by the subscriber. Communications may be centralised 
and retrieval of messages can be accomplished using 
one of a number of separate and distinct approaches. 
Thus, data communication networks such as the inter- 
net can become global voice mail and facsimile mail sys- 
tems. 

[0006] As state of the art messaging systems like e- 
mail have a store-and-forward-communication struc- 
ture, they have inherently problems with instant (i. e. 
nearly real-time) message delivery. 
[0007] Furthermore nearly real-time transmission of 
messages implies a big number of processing systems 
for high message throughput. 

[0008] Therefore it is the object of the present inven- 
tion to provide for a technique for the transmission of 
messages in a distributed system enabling for a high 
message throughput and a decreased load on the 
processing units of the distributed system. 
[0009] Said object is achieved by means of the fea- 
tures of the independent claims. The dependent claims 



develop further the central idea of the present invention. 
[001 0] According to a first aspect of the present inven- 
tion a method for the transmission of messages in a dis- 
tributed system is provided. A message is received from 

5 a sending client by means of a first message gateway. 
Meta information extracted from the received message 
is transmitted from the first message gateway to a mes- 
sage broker. A second message gateway is selected on 
the basis of the meta information and client profile data. 

10 The message is sent from the first message gateway to 
the selected second message gateway to transfer it to 
a target client. 

[0011] The message broker can process the meta in- 
formation to provide for security and authentication and 

15 returns it to the first message gateway. 

[001 2] The message broker can process the meta in- 
formation and return it to the first message gateway 
such that controlled by the processed meta information 
the message can be sent to the selected second gate- 

20 way together with the meta information. 

[001 3] The message itself can be converted by a mes- 
sage processor before it is sent to the selected second 
message gateway. 

[0014] According to another aspect the computer pro- 
25 gram product for implementing such a method in a net- 
work environment is provided. 

[001 5] According to still another aspect to the present 
invention a distributed system for the transmission of 
messages is provided. The system comprises a first 

30 message gateway for the reception of messages from 
sending clients and for the extraction of meta informa- 
tion from the received messages. A message broker re- 
ceives the meta information from the first message gate- 
way, processes the meta information and returns it to 

35 the first message gateway. The system furthermore 
comprises a second message gateway (which can be 
identical to the first message gateway) for receiving the 
message from the first message gateway controlled by 
the processed meta information and for sending the 

40 message to a target client. 

[0016] A client profile database can be connected to 
the message broker. The message broker processes 
the meta information on the basis of the data of the client 
profile database. 

45 [0017] The message broker can furthermore provide 
for a security and/or authentication functionality. 
[0018] A message processor can be interconnected 
between the first and second message gateway for 
processing the content (and not the meta information) 

so of a message. 

[0019] Further features, advantages or objects of the 
present invention will be evident for the man skilled in 
the art when reading the following detailed description 
of embodiment of the present invention taken in con- 

55 junction with the figures of the enclosed drawings. 

Fig. 1 shows an example of a instant messaging 
system, 
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Fig. 2 shows a communication structure of a mes- 
saging system, 

Fig. 3 shows a message and information authenti- 
cation protocol, 

Fig. 4 shows a symmetric representation of the 
process according to the present invention, and 

Fig. 5a and 5b show in detail a message and infor- 
mation authentication protocol. 

[0020] Fig. 1 shows an example of a instant messag- 
ing system. The system essentially consists of instant 
message brokers 2 connected to client profile databas- 
es 3, gateways for e-mail 4, gateways for GSM/SMS 6, 
gateways for voice mail and facsimile 5 which can com- 
municate with each other by means of a network 1 . At 
least one message processor 7 can process particularly 
the content of transmitted messages. The instant mes- 
sage broker 2 manages the system configuration and 
state, user profiles of the client profile database 3, mes- 
sage routing and services, accounting and security. 
[0021] Fig. 2 shows the communication structure of a 
messaging system. A configuration comprises an origi- 
nator (instant message gateway 4), a receiver (instant 
message gateway 5) and a message broker 2 as well 
as additional units. The different units of such a system 
may be global distributed or located at a single compu- 
tation node, In the example of Fig, 2 the data flow of 
such a minimal messaging system is schematically de- 
picted. 

[0022] In phase 1 the originator gateway 4 receives a 
message from a client (i. e, a facsimile from a PSTN), 
prepares (extracts) meta information from the message 
received and sends the meta information to the mes- 
sage broker 2. 

[0023] In phase 2 the message broker 2 determines 
the required message conversion and the message 
route according to the state of the messaging system 
and client (sender and receiver) profiles stored in the 
connected database 3. Additionally the message broker 
2 can prepare message security and also indication. 
The modified meta information is than returned from the 
instant message broker 2 to the originator gateway 4. 
[0024] In phase 3 controlled by the meta information 
the originator gateway 4 transmits the instant message 
(consisting of meta information and message content) 
to the receiver gateway 5. In case where an additional 
message service or message conversion is required, 
the instant message can be routed over an additional 
message processor 7. 

[0025] In phase4thereceivergateway5transmitsthe 
(eventually converted) message to the client. After 
transmission the receiver gateway 5 sends an acknowl- 
edgement (e. g. delivery, client receipt, or non-delivery) 
to the message broker 2, wherein the acknowledgement 
controls the message flow. 



[0026] Fig. 3 shows in detail the message and infor- 
mation authentication protocol. At first in a set-up phase 
one the originator gateway 4 transmits meta information 
to the message broker 2, wherein the meta information 

s can be signed. 

[0027] In a release phase two the message broker 2 
returns transmission management information (signed). 
[0028] In a transmission phase three the originator 
gateway 4 transmits signed instant message to the re- 

10 ceiver gateway 5 (optionally through message proces- 
sors 7). 

[0029] In a authentication and accounting phase four 
the receiver gateway 5 returns a signed acknowledge- 
ment to the message broker 2. 

15 [0030] As reference to figure4the message transmis- 
sion according to the present invention will be explained 
by means of the graphical representation. 
[0031] In step S1 the originator gateway receives a 
message from a sending client. In a step S2 the origi- 

20 nator gateway extracts meta information by performing 
a predetermined processing. In a step S3 a communi- 
cation between the originatorgateway and the message 
broker is set up and in a step S4 the meta information 
extracted in step S2 is transmitted. In step S5 the mes- 

25 sage broker modifies the meta information by using cli- 
ent profile data from connected client profile database. 
In step S6 the modified meta information (managing in- 
formation) is transmitted from the message broker to the 
originator gateway. In step S7 a communication set-up 

30 between the originator gateway and a destination gate- 
way is effected. In step S8 the message content and the 
meta information are transmitted from the originator 
gateway to the second (destination) gateway. In step S9 
the message is delivered from the destination gateway 

35 to the target client. In step S10 the destination gateway 
returns a communication gateway to the message bro- 
ker. I n step S1 1 the message broker sends an acknowl- 
edgement to the originator gateway. 
[0032] With reference to figure 4 the message and in- 

40 formation authentication protocol will be explained in de- 
tail. 

[0033] The originator gateway sends a time synchro- 
nised communication set-up (TSCS) login key to the in- 
stant message broker. The communication is set up by 

45 the transmission of theTSCS login key C and its digests 
HMAC (K1 , C). The instant message broker checks the 
TSCS login key and returns a TSCS acknowledgement 
key containing a session key. The TSCS acknowledge- 
ment key containing the random generated session key 

so C ack issentto the instant message gateway (originator). 
Note that the different session keys are randomly gen- 
erated and uniqueforeach communication step they are 
applied in. 

[0034] The originator gateway appends the session 
55 key to the message and sends an instant message meta 
information (IMI) signed with the key K1 to the message 
broker. The instant message meta information (IMI) is 
transmitted with the appended session key C ack and ist 



3 



5 EP 1 104 965 A1 6 



digests HMAC (K1 , IMI + C ack ). The message broker 
checks the instant message meta information (IMI) and 
inserts and modifies information in the IMI by using user 
profile tables and database information. The session 
key is appended to the message. The message is than 
signed with key K2 and key K1 . The broker IMI is trans- 
mitted with the broker inner digest ID (corresponding to 
HMAC (K2, IMI + C ack ). The IMI in the broker digest are 
signed again with key K1 (outer digest HMAC (K1 , IMI 
+ C ack + HMAC (K2, IMI + C ack )). 
[0035] The originator gateway checks the outer digest 
and sends an acknowledgement process broker IMI to 
the message broker. 

[0036] Than the originator gateway set ups a commu- 
nication by the transmission of the TSCS login key C 
and its digest HMAC (K1 , C) to the message gateway 
(destination). The destination gateway checks the 
TSCS login key and returns a TSCS acknowledgement 
key containing a session key. Therefore the TSCS ac- 
knowledgement key containing the session key C ack is 
sent to the originator gateway. 

[0037] The originator gateway appends the session 
key to the message and sends an instant message 
signed with key K1 to the destination gateway. There- 
fore an instant message (IM)(i. e. message data and 
IMI) containing the message M is transmitted to the des- 
tination gateway. 

[0038] The destination gateway checks the instant 
message, converts the instant message and sends an 
acknowledgement which is signed to the originator gate- 
way. The session is than finished for the originator gate- 
way. 

[0039] The message is than delivered from the desti- 
nation gateway to the target client (customer). 
[0040] The destination gateway is than sending a 
TSCS login key for a communication set-up to the mes- 
sage broker. 

[0041] The message broker checks the TSCS login 
key and returns a TSCS acknowledgement key contain- 
ing a session key to the destination gateway. In the ac- 
knowledgement step the destination gateway returns 
the broker ID (generated previously by the message 
broker) and a message delivery read acknowledgement 
and signs it with the key K1 . 

[0042] The destination gateway sends a broker IMI, 
message delivery/read acknowledgement and signs it 
with K1. 

[0043] The message broker checks the outer digest 
generated by the destination gateway with the key K1 , 
checks the returned ID by comparing it with its own 
(stored) previously generated ID sent to the destination 
gateway, processes the acknowledgement, terminates 
the transaction and returns the acknowledgement to the 
destination gateway. 

[0044] The instant message meta information integri- 
ty and origin is assured by the generation of the meta 
information inner digest ID (by using the message bro- 
ker key K2) and the comparison with the inner digest ID 



received from the destination gateway. Therefore the 
message broker can positively control the proper trans- 
mission of the inner digest ID from the sending gateway 
to the destination gateway. Furthermore it can be as- 

s sured that no communication between the sending gate- 
way and the destination gateway is possible without in- 
tervention of the message broker. 
[0045] The message broker then sends a TSCS login 
key for a communication set-up to the originator gate- 

10 way. 

[0046] The originator gateway checks the digest, 
processes the acknowledgement, notifies the sending 
client and returns an acknowledgement to the message 
broker. 

15 [0047] The message broker than transmits a trans- 
mission message delivery acknowledgement signed 
with K1 to the originator gateway. 
[0048] The originator gateway checks the TSCS login 
co-key and returns a TSCS acknowledgement key con- 
20 taining the session key to the instant message broker. 
[0049] The invention therefore provides a technique 
for (nearly) real-time capital flow control of direct mes- 
saging in a distributed messaging system. 
[0050] The purpose of instant messaging is to trans- 
25 mit high priority messages in (nearly) real-time between 
clients (man and machine). Unified messaging merges 
analog and digital transmitted messages such as fac- 
simile, voice mail, e-mail, WWW and the cell phone 
short message service (GSM/SMS) to unified instant 
30 messages. A Unified Instant Messaging System (UIMS) 
is a (global) distributed system that consists of four ma- 
jor components that communicate with each other over 
an IP network: distributed gateways, message proces- 
sors message brokers and a client directory database. 
35 Messages of arbitrary form are converted into Unified 
nstant Messages by the Instant Message Gateways 
and vice versa. The Instant Message Brokers (1MB) con- 
trols the message flow, accounting and message con- 
version Additionally message brokers must ensure the 
40 authentication and security of instant messages to pre- 
vent the distributed system from unauthorised access. 
[0051 ] The present invention is an efficient data trans- 
mission protocol for the transmission of messages in 
nearly real-time. In an UIMS a relatively small number 
45 of message brokers manages the message transfer, 
processing and security. Thus, the communication pro- 
tocol and unified message structure is optimised for high 
message throughput and a minimum broker load. In- 
stead of complete message transmission and process- 
so ing, IMBs processes message meta information. 

[0052] The present invention describes an apparatus 
and method for controlling message flow and process- 
ing in a distributed instant (i.e. nearly real-time) messag- 
ing systems. Because of the meta information is much 
55 more compact as the message itself, a higher through- 
put with reduced data transfer is reached. The (meta) 
message content and control flow is transmitted with au- 
thentication which means that it allows the communicat- 
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ing parties (gateways processors and brokers) to verify 
that the received messages (as well as the true and al- 
leged originator) are authentic. In MIAP information is 
authenticated using Time Synchronised Communica- 
tion Setup by Keyed-Hashing Message Authentication 
(TSCS) for message authentication. 
[0053] Authenticated, high throughput apparatus and 
method (protocol) foracommunication in distributed, di- 
rect messaging systems are proposed. The message 
flow control and further messaging process of such a 
system is managed by one of several instances of mes- 
sage brokers. Time synchronised communication set up 
by keyed-hashing method authentication (TSCS) for 
message authentication is used. 



Claims 

1 . Method for the transmission of messages in a dis- 
tributed system, the method comprising the follow- 
ing steps: 

reception of a message from a sending client 
(9) by a first message gateway (4), 
transmission of meta information extracted 
from the received message from the first mes- 
sage gateway (4) to a message broker (2), 
selection of a second message gateway (5) on 
the basis of the meta information and client pro- 
file data (3), and 

sending the message from the first message 
gateway (4) to the selected second message 
gateway (5) to transfer it to a target client (8). 

2. Method according to claim 1 , 
characterized in that 

the message broker (2) processes the meta infor- 
mation to provide for security and authentication 
and returns it to the first message gateway (4). 

3. Method according to anyone of the preceding 
claims, 

characterized in that 

the message broker (2) processes the meta infor- 
mation and returns it to the first message gateway 
(4) and in that, controlled by the processed meta 
information, the message is sent to the selected 
second gateway (5) together with the meta informa- 
tion. 

4. Method according to anyone of the preceding 
claims, 

characterized in that 

the message itself is converted by a message proc- 
essor (7) before it is sent to the selected second 
message gateway (5). 

5. Computer program product, 



characterized in that 

it implements a method according to anyone of the 
preceding claims when loaded in the memory of a 
computing device in a network environment. 

5 

6. Distributed system for the transmission of messag- 
es, the system comprising: 

a first message gateway (4) for the reception of 
10 messages from sending clients (9) and for the 

extraction of meta information from the re- 
ceived messages, 

a message broker (2) for receiving the meta in- 
formation from the first message gateway (4), 

'5 processing the meta information and returning 

it to the first message gateway (4), and 
a second message gateway (5) for receiving 
the message from the first message gateway 
(4) controlled by the processed meta informa- 

20 tion and for sending the message to a target 

client (8). 

7. Distributed system according to claim 6, 
characterized by 

25 a client profile database (3) connected to the mes- 
sage broker (2), wherein the message broker (2) 
processes the meta information on the basis of the 
data of the client profile database (3), 

so 8. Distributed system according to anyone of claims 6 
or 7, 

characterized in that 

the message broker (2) provides for a security and/ 
or authentication functionality. 

9. Distributed system according to anyone of claims 6 
to 8, 

characterized by 

a message processor (7) interconnected between 
40 the first and second message gateway (4, 5) for 
processing the content of the message. 
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FIG 4 
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